A malicious user can create a form which is submitted by the victim (automatically using Active Scripting or manually using Social Engineering). This form can cause a non-HTTP service to echo back JavaScript commands which in turn allow the malicious user to steal the cookie for that domain. There are more uses for this attack, other than just stealing cookies.